Software Quality Requirements Engineering (SQUARE)

Security Quality Requirements Engineering (SQUARE) is a nine-step methodology created at Carnegie Mellon University to assist organizations build security in the early stages of development. US-CERT, the United States Computer Emergency Readiness Team, discusses the SQUARE methodology (Mead, 2013):

Security Quality Requirements Engineering (SQUARE) provides a means for eliciting, categorizing, and prioritizing security requirements for information technology systems and applications. The focus of this methodology is to build security concepts into the early stages of the development life cycle. The model can also be used for documenting and analyzing the security aspects of fielded systems and for steering future improvements and modifications to those systems.

References

Mead, N. (2013). SQUARE process. United States Computer Emergency Readiness Team. https://www.us-cert.gov/bsi/articles/best-practices/requirements-engineering/square-process.

Resources